| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: System Fix Virus auf Win7 64 BitWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
16.11.2011, 21:28
| #1 |
 |  System Fix Virus auf Win7 64 Bit Hallo, ich brauche eure Hilfe. Ich habe auf einer Webseite offensichtlich den System Fix Virus bekommen. Nachdem ich auf der Webseite eine Auswahl filtern wollte, kam die Meldiung, dass das System schwerwiegende Fehler hat und es wurden alle Programmicons gelöscht. Nachdem ich im Forum nachgelesen habe, hab ich die OTLPENet.exe runtergeladen, jedoch bricht mein System den Bootvorgang mit einem Bluescreen ab. Ich hab in einem anderem Forum eine Ubuntu 10.10 Notfall CD gefunden. Mit dieser CD lässt sich der PC auch booten. Was kann ich versuchen um mein System zu retten ? die OTLPEN kann ich da ja nicht ausführen oder ? Danke! LG Jörg |
|
16.11.2011, 21:48
| #2 |
| /// Malware-holic   | System Fix Virus auf Win7 64 Bit hi, kannst du über f8 in den abgesicherten modus mit netzwerk? falls ja:
__________________Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)
__________________ |
|
16.11.2011, 22:13
| #3 |
| | System Fix Virus auf Win7 64 Bit Danke für den Tip, hat so weit mal funktioniert.
__________________Hier die Ergebnisse: Extras:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 16.11.2011 21:58:06 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = G:\
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
5,98 Gb Total Physical Memory | 5,03 Gb Available Physical Memory | 84,13% Memory free
11,96 Gb Paging File | 11,02 Gb Available in Paging File | 92,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 834,54 Gb Free Space | 89,60% Space Free | Partition Type: NTFS
Drive F: | 1397,26 Gb Total Space | 1104,73 Gb Free Space | 79,06% Space Free | Partition Type: NTFS
Drive G: | 1,87 Gb Total Space | 1,87 Gb Free Space | 99,97% Space Free | Partition Type: FAT
Computer Name: JOERG | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{1374CC63-B520-4f3f-98E8-E9020BF01CFF}" = Windows XP Mode
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{42738DB0-FC3E-4672-A99B-9372F5696E30}" = Microsoft Security Client
"{446EE0D9-1F6B-42BF-8278-8D0B172BA15D}" = Microsoft IntelliType Pro 8.1
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{62E685A3-1E4F-4A12-B77C-9949DE9E7DFB}" = FRITZ!Fernzugang
"{6DD01FF3-63CE-436B-96DB-61363EAA4EB8}" = MobileMe Control Panel
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9C98CA38-4C1A-4AC8-B55C-169497C8826B}" = Apple Mobile Device Support
"{9CD0F7D3-B67F-4BF8-8784-D73AD229FF1E}" = iTunes
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BBBE35B2-9349-3C48-BD3D-F574B17C7924}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022.218
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{EC8A40B2-096A-4EA4-B11A-167F87F293A7}" = iCloud
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"EPSON SX620FW Series" = EPSON SX620FW Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft IntelliType Pro 8.1" = Microsoft IntelliType Pro 8.1
"Microsoft Security Client" = Microsoft Security Essentials
"Pen Tablet Driver" = Bamboo
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{03B8AA32-F23C-4178-B8E6-09ECD07EAA47}" = Epson Event Manager
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}" = Epson FAX Utility
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{292A9286-58C7-11D4-9882-005004EDBBBD}" = HiPath 3000 Manager C 68.50.555.0
"{2A8AEFF7-E7DA-4440-979A-2AB137BE185C}_is1" = F-Editor
"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"{310C1558-F6B5-4889-98B0-7471966BA7F2}" = Epson Easy Photo Print 2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{3521BDBD-D453-5D9F-AA55-44B75D214629}" = Adobe Community Help
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4736607E-57BF-11D4-9881-005004EDBBBD}" = HiPath 3000 Manager E 68.50.850.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E33D05D-76CF-5D3C-4D5D-7727530FA161}" = Adobe Content Viewer
"{4E8FFAB1-88FA-4A8C-B611-08C2C9DD69F3}_is1" = NinjaLite 3.9.6
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}" = Asmedia ASM106x SATA Host Controller Driver
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65421D16-36C3-4081-95D9-AF4475676015}" = MUSIPHONE Jukebox 2.0.20 (Deutsch)
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7F7E9471-BDEB-4BA2-9DD1-749CDAB4DA70}" = Artcut Software
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}" = MODEM Mobiler Anschluss
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A79408B0-345D-42E8-8EB6-00597320B9E0}" = FRITZ!Box-Fernzugang einrichten
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A9111573-EF12-4D80-A5B9-55F620D5BCA1}" = PL-2303 USB-to-Serial
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-1033-F400-7760-000000000005}" = Adobe Acrobat X Pro - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-AA0000000001}" = Adobe Reader X (10.0.1) - Deutsch
"{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}" = Nero Multimedia Suite 10 Essentials
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
"{BDE646E8-86E0-50E1-37BC-0AEBB2185D76}" = Adobe Widget Browser
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
"{C9D8A041-2963-4B31-8FFC-1500F3DB9293}" = EpsonNet Setup 3.3
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFCD2A80-EC16-11E0-A273-B8AC6F97B88E}" = Google Earth
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D57FC112-312E-4D70-860F-2DB8FB6858F0}" = Adobe Creative Suite 5.5 Master Collection
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DF8195AF-8E6F-4487-A0EE-196F7E3F4B8A}" = jetAudio Basic VX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F1000000-0001-0000-0000-074957833700}" = ABBYY FineReader 10 Corporate Edition
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Advanced Port Scanner v1.3" = Advanced Port Scanner v1.3
"artcut german version" = artcut german version
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"BabylonToolbar" = Babylon toolbar on IE
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Colorizer3" = Colorizer3 1.0
"com.adobe.dmp.contentviewer" = Adobe Content Viewer
"com.adobe.WidgetBrowser.E7BED6E5DDA59983786DD72EBFA46B1598278E07.1" = Adobe Widget Browser
"EPSON PC-FAX Driver 2" = Epson PC-FAX Driver
"EPSON Scanner" = EPSON Scan
"EPSON SX620FW Series Manual" = EPSON SX620FW Series Handbuch
"EPSON SX620FW Series Network Guide" = EPSON SX620FW Series Netzwerk-Handbuch
"FileZilla Client" = FileZilla Client 3.5.1
"Google Chrome" = Google Chrome
"GSiteCrawler" = GSiteCrawler
"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"Memory Manager_is1" = Memory Manager 2.07
"Mozilla Firefox 8.0 (x86 de)" = Mozilla Firefox 8.0 (x86 de)
"Nmap" = Nmap 5.51
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"Protect Disc License Helper" = Protect Disc License Helper 1.0.118
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SchnapperPro" = SchnapperPro 2.0.72
"TAPPS DE_is1" = TAPPS 1.25 DE
"TeamViewer 6" = TeamViewer 6
"Visitenkarten-Druckerei 12_is1" = DATA BECKER Visitenkarten-Druckerei 12
"Wacom WebTabletPlugin for IE" = WebTablet IE Plugin
"Wacom WebTabletPlugin for Netscape" = WebTablet Netscape Plugin
"WinLiveSuite" = Windows Live Essentials
"WinPcapInst" = WinPcap 4.1.2
"Winsol_is1" = Winsol 1.22
"Wireshark" = Wireshark 1.6.3
"xHamster Video Downloader_is1" = xHamster Video Downloader 3.23
"XMedia Recode" = XMedia Recode 3.0.2.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FoxTab Music Converter" = FoxTab Music Converter
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 10.11.2011 19:30:11 | Computer Name = JOERG.immorat.local | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 10.11.2011 19:31:17 | Computer Name = JOERG.immorat.local | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\microsoft security client\MSESysprep.dll" in Zeile 10. Das imaging-Element
wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error - 10.11.2011 19:32:11 | Computer Name = JOERG.immorat.local | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\modem mobiler anschluss\DELZIP179.DLL". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\modem mobiler anschluss\DELZIP179.DLL" in Zeile 8. Der Wert
"*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 11.11.2011 13:39:12 | Computer Name = JOERG.immorat.local | Source = Bonjour Service | ID = 100
Description = 492: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 11.11.2011 13:39:12 | Computer Name = JOERG.immorat.local | Source = Bonjour Service | ID = 100
Description = 232: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 11.11.2011 13:39:12 | Computer Name = JOERG.immorat.local | Source = Bonjour Service | ID = 100
Description = 460: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
vom Remotehost geschlossen.)
Error - 11.11.2011 18:41:04 | Computer Name = JOERG.immorat.local | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Ass_150e.exe, Version: 68.50.850.0,
Zeitstempel: 0x4e1c1ad6 Name des fehlerhaften Moduls: TCOMM32.DLL_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4e1c1ae5 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6455b844
ID
des fehlerhaften Prozesses: 0x14dc Startzeit der fehlerhaften Anwendung: 0x01cca0a6dc2ff910
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Siemens\HiPath 3000 Manager
E\Ass_150e.exe Pfad des fehlerhaften Moduls: TCOMM32.DLL Berichtskennung: 3ca94139-0cb6-11e1-a071-f46d04214138
Error - 11.11.2011 23:28:36 | Computer Name = JOERG.immorat.local | Source = SideBySide | ID = 16842827
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe"
in Zeile 2. Mehrere requestedPrivileges-Elemente sind nicht im Manifest zulässig.
Error - 11.11.2011 23:30:00 | Computer Name = JOERG.immorat.local | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\microsoft
security client\MSESysprep.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files\microsoft security client\MSESysprep.dll" in Zeile 10. Das imaging-Element
wird als untergeordnetes Element des urn:schemas-microsoft-com:asm.v1^assembly-Elements
angezeigt, das von dieser Windows-Version nicht unterstützt wird.
Error - 11.11.2011 23:31:22 | Computer Name = JOERG.immorat.local | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\modem mobiler anschluss\DELZIP179.DLL". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\modem mobiler anschluss\DELZIP179.DLL" in Zeile 8. Der Wert
"*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
[ Media Center Events ]
Error - 10.09.2011 01:14:28 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0
Description = 07:14:28 - Fehler beim Herstellen der Internetverbindung. 07:14:28
- Serververbindung konnte nicht hergestellt werden..
Error - 10.09.2011 01:14:49 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0
Description = 07:14:48 - Fehler beim Herstellen der Internetverbindung. 07:14:48
- Serververbindung konnte nicht hergestellt werden..
Error - 10.09.2011 02:15:20 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0
Description = 08:15:20 - Fehler beim Herstellen der Internetverbindung. 08:15:20
- Serververbindung konnte nicht hergestellt werden..
Error - 10.09.2011 02:15:42 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0
Description = 08:15:41 - Fehler beim Herstellen der Internetverbindung. 08:15:41
- Serververbindung konnte nicht hergestellt werden..
Error - 13.11.2011 22:25:58 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0
Description = 03:25:56 - Fehler beim Herstellen der Internetverbindung. 03:25:56
- Serververbindung konnte nicht hergestellt werden..
Error - 13.11.2011 23:26:41 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0
Description = 04:26:40 - Fehler beim Herstellen der Internetverbindung. 04:26:40
- Serververbindung konnte nicht hergestellt werden..
Error - 14.11.2011 00:27:25 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0
Description = 05:27:24 - Fehler beim Herstellen der Internetverbindung. 05:27:24
- Serververbindung konnte nicht hergestellt werden..
Error - 14.11.2011 01:28:08 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0
Description = 06:28:08 - Fehler beim Herstellen der Internetverbindung. 06:28:08
- Serververbindung konnte nicht hergestellt werden..
Error - 14.11.2011 01:28:38 | Computer Name = JOERG.immorat.local | Source = MCUpdate | ID = 0
Description = 06:28:37 - Fehler beim Herstellen der Internetverbindung. 06:28:37
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 16.11.2011 16:56:34 | Computer Name = JOERG.immorat.local | Source = DCOM | ID = 10005
Description =
Error - 16.11.2011 16:56:35 | Computer Name = JOERG.immorat.local | Source = DCOM | ID = 10005
Description =
Error - 16.11.2011 16:56:34 | Computer Name = JOERG.immorat.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.11.2011 16:56:34 | Computer Name = JOERG.immorat.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.11.2011 16:56:35 | Computer Name = JOERG.immorat.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.11.2011 16:56:35 | Computer Name = JOERG.immorat.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.11.2011 16:56:35 | Computer Name = JOERG.immorat.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.11.2011 16:56:35 | Computer Name = JOERG.immorat.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.11.2011 16:56:35 | Computer Name = JOERG.immorat.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 16.11.2011 16:56:35 | Computer Name = JOERG.immorat.local | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
< End of report >
OTL:OTL Logfile: Code:
ATTFilter OTL logfile created on: 16.11.2011 21:58:06 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = G:\ 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 5,98 Gb Total Physical Memory | 5,03 Gb Available Physical Memory | 84,13% Memory free 11,96 Gb Paging File | 11,02 Gb Available in Paging File | 92,16% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 834,54 Gb Free Space | 89,60% Space Free | Partition Type: NTFS Drive F: | 1397,26 Gb Total Space | 1104,73 Gb Free Space | 79,06% Space Free | Partition Type: NTFS Drive G: | 1,87 Gb Total Space | 1,87 Gb Free Space | 99,97% Space Free | Partition Type: FAT Computer Name: JOERG | User Name: Administrator | Logged in as Administrator. Boot Mode: SafeMode | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - G:\OTL.exe (OldTimer Tools) ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - (NisSrv) -- C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation) SRV:64bit: - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation) SRV:64bit: - (nwtsrv) -- C:\Program Files\FRITZ!Fernzugang\nwtsrv.exe (AVM Berlin) SRV:64bit: - (certsrv) -- C:\Program Files\FRITZ!Fernzugang\certsrv.exe (AVM Berlin) SRV:64bit: - (avmike) -- C:\Program Files\FRITZ!Fernzugang\avmike.exe (AVM Berlin) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (SplashtopRemoteService) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.) SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.) SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (TabletServicePen) -- C:\Programme\Tablet\Pen\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (TouchServicePen) -- C:\Programme\Tablet\Pen\Pen_TouchService.exe (Wacom Technology, Corp.) SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.) SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) SRV - (ABBYY.Licensing.FineReader.Corporate.10.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe (ABBYY) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY) SRV - (DBService) -- C:\Program Files (x86)\Common Files\DATA BECKER Shared\DBService.exe (DATA BECKER GmbH & Co KG) SRV - (SchnapperPro-TimeSync) -- C:\Program Files (x86)\SchnapperPro\TimeSync.exe (Schnapper-Software Robert Beer) SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (dc3d) MS Hardware Device Detection Driver (USB) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (wacmoumonitor) -- C:\Windows\SysNative\drivers\wacmoumonitor.sys (Wacom Technology) DRV:64bit: - (wacommousefilter) -- C:\Windows\SysNative\drivers\wacommousefilter.sys (Wacom Technology) DRV:64bit: - (wacomvhid) -- C:\Windows\SysNative\drivers\wacomvhid.sys (Wacom Technology) DRV:64bit: - (NPF) -- C:\Windows\SysNative\drivers\npf.sys (CACE Technologies, Inc.) DRV:64bit: - (NWIM) -- C:\Windows\SysNative\drivers\avmnwim.sys (AVM Berlin) DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH) DRV:64bit: - (vpcnfltr) -- C:\Windows\SysNative\drivers\vpcnfltr.sys (Microsoft Corporation) DRV:64bit: - (vpcvmm) -- C:\Windows\SysNative\drivers\vpcvmm.sys (Microsoft Corporation) DRV:64bit: - (vpcusb) -- C:\Windows\SysNative\drivers\vpcusb.sys (Microsoft Corporation) DRV:64bit: - (vpcbus) -- C:\Windows\SysNative\drivers\vpchbus.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.) DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.) DRV:64bit: - (CamDrL64) Logitech QuickCam Pro 3000(PID_08B0) -- C:\Windows\SysNative\drivers\CamDrL64.sys (Logitech Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Amazon.de" FF - prefs.js..browser.startup.homepage: "www.google.at" FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=22af5e55000000000000f46d04214138&tlver=1.4.35.10&affID=100474" FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Program Files (x86)\ProtectDisc\License Helper\NPPDLicenseHelper.dll () FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@wacom.com/wacom-plugin,version=1.1.0.5: C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011.06.07 17:36:13 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2011.09.28 18:09:11 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.11 18:44:26 | 000,000,000 | -H-D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.11.11 18:44:26 | 000,000,000 | -H-D | M] [2011.06.08 20:49:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\administrator\AppData\Roaming\mozilla\Extensions [2011.11.07 15:57:26 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\administrator\AppData\Roaming\mozilla\Firefox\Profiles\ya02zq6u.default\extensions [2011.10.04 15:26:37 | 000,000,000 | -H-D | M] (ColorZilla) -- C:\Users\administrator\AppData\Roaming\mozilla\Firefox\Profiles\ya02zq6u.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326} [2011.11.10 06:40:38 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.10.21 06:57:45 | 000,000,000 | -H-D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} () (No name found) -- C:\USERS\ADMINISTRATOR\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\YA02ZQ6U.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI [2011.11.10 06:40:31 | 000,134,104 | -H-- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.06.28 18:41:56 | 000,476,904 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll [2008.02.22 16:24:06 | 000,095,832 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\NPPDLicenseHelper.dll [2011.11.10 06:40:29 | 000,001,392 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.10.29 19:51:19 | 000,002,288 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2011.11.10 06:40:29 | 000,002,252 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2011.11.10 06:40:29 | 000,001,153 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.11.10 06:40:29 | 000,006,805 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.11.10 06:40:29 | 000,001,178 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.11.10 06:40:29 | 000,001,105 | -H-- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\15.0.874.120\pdf.dll CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPPDLicenseHelper.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Wacom Dynamic Link Library (Enabled) = C:\Program Files (x86)\TabletPlugins\npwacom.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Skype Click to Call = C:\Users\administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\ O1 HOSTS File: ([2011.11.12 12:28:55 | 000,003,155 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com O1 - Hosts: 127.0.0.1 wip3.adobe.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com O1 - Hosts: 127.0.0.1 3dns.adobe.com O1 - Hosts: 127.0.0.1 3dns-1.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com O1 - Hosts: 127.0.0.1 hh-software.com O1 - Hosts: 51 more lines... O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3:64bit: - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.4.35.10\BabylonToolbarTlbr.dll (Babylon Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.) O4 - HKLM..\Run: [Bonus.SSR.FR10] C:\Program Files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe (ABBYY.) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [IoWwDnqsYPU.exe] C:\ProgramData\IoWwDnqsYPU.exe (Rcvr Inc) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated) O4 - HKCU..\Run: [SchnapperPro] C:\Program Files (x86)\SchnapperPro\SchnapperPro.exe (Schnapper-Software Robert Beer) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: An SchnapperPro senden - hxxp://www.sniper-tool.de/SchnapperPro/IE-MenuExt.html File not found O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An SchnapperPro senden - hxxp://www.sniper-tool.de/SchnapperPro/IE-MenuExt.html File not found O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra Button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - Reg Error: Key error. File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: SchnapperPro - {D6243B39-211B-440E-B4C5-26D2A579CAC8} - Reg Error: Key error. File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = immorat.local O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B2F73B6-573C-4960-84BD-83601550168E}: NameServer = 192.168.1.10 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2010.07.10 03:16:15 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ] O32 - AutoRun File - [2002.10.16 13:56:50 | 000,000,036 | RH-- | M] () - F:\autorun.inf -- [ NTFS ] O33 - MountPoints2\{d07911e4-e39e-11e0-aca7-f46d04214138}\Shell - "" = AutoRun O33 - MountPoints2\{d07911e4-e39e-11e0-aca7-f46d04214138}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.11.16 19:50:40 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{CD6466BC-B2BF-4F80-8655-D70F49EF1E27} [2011.11.16 19:18:48 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix [2011.11.16 19:18:14 | 000,380,928 | -H-- | C] (Rcvr Inc) -- C:\ProgramData\W1SWdm8eagvp0l.exe [2011.11.16 19:18:00 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{C048F634-FE41-4061-A4CC-2EBD7AD1F01B} [2011.11.16 19:08:40 | 000,491,520 | -H-- | C] (Rcvr Inc) -- C:\ProgramData\IoWwDnqsYPU.exe [2011.11.13 02:00:14 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{F37E2F6D-6CFE-4413-817F-2D9C959DD0FD} [2011.11.13 02:00:01 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{C9124E5A-E162-4F0E-A078-53D983518873} [2011.11.11 18:44:23 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2011.11.11 18:44:14 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\QuickTime [2011.11.11 18:42:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2011.11.11 18:41:50 | 000,000,000 | -H-D | C] -- C:\Program Files\iTunes [2011.11.11 18:41:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\iTunes [2011.11.11 18:41:50 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod [2011.11.11 18:39:56 | 000,000,000 | -H-D | C] -- C:\Program Files\Bonjour [2011.11.11 18:39:56 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Bonjour [2011.11.11 18:39:15 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2011.11.10 16:43:42 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Wireshark [2011.11.10 16:25:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [2011.11.10 16:24:33 | 000,000,000 | -H-D | C] -- C:\Program Files\Wireshark [2011.11.10 06:40:11 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{48E55336-7A5B-481F-9383-D3FD30FFD04D} [2011.11.10 06:39:33 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{095D82DB-BEC3-406C-876F-115A68A07165} [2011.11.08 07:15:15 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{2E7D2F8E-25B3-4472-B247-BDEB8BAAA8DC} [2011.11.08 07:15:04 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{E21CDBF6-36D3-4E14-8EBF-7FB4820FF64D} [2011.11.07 19:14:50 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{A6A1FB46-123F-4926-BFF4-A38498332A6C} [2011.11.07 19:14:14 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{D4CE9191-B8E9-4BD8-871B-70B0694A7A66} [2011.11.05 03:01:00 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\AVM [2011.11.05 03:00:30 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\FRITZ!Fernzugang einrichten [2011.11.05 02:50:02 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{12FB51E1-0967-4C61-93F6-2638ECD08DD1} [2011.11.05 02:49:47 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{51425D9D-6C4F-4C88-B57E-E7FC3D011E95} [2011.11.05 01:28:53 | 000,000,000 | -H-D | C] -- C:\ProgramData\AVM [2011.11.05 01:26:09 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Fernzugang [2011.11.05 01:26:09 | 000,000,000 | -H-D | C] -- C:\Program Files\FRITZ!Fernzugang [2011.11.05 01:25:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2011.11.04 22:21:12 | 000,000,000 | -H-D | C] -- C:\Users\administrator\.zenmap [2011.11.04 22:20:39 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Nmap [2011.11.04 22:20:25 | 000,000,000 | -H-D | C] -- C:\Program Files\WinPcap [2011.11.04 22:19:52 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Nmap [2011.11.04 22:07:02 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner [2011.11.04 22:07:02 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced Port Scanner [2011.11.04 22:06:56 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Advanced Port Scanner [2011.11.04 19:39:47 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NinjaLite [2011.11.04 19:39:41 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\NinjaLite [2011.10.30 21:49:05 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Musiphone [2011.10.30 21:49:05 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Musiphone [2011.10.30 21:48:22 | 000,000,000 | -H-D | C] -- C:\Windows\Downloaded Installations [2011.10.30 17:40:59 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\SchnapperPro [2011.10.30 17:40:45 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SchnapperPro [2011.10.30 17:40:43 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\SchnapperPro [2011.10.29 19:51:30 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\BabylonToolbar [2011.10.29 19:51:19 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FoxTab Music Converter [2011.10.29 19:51:19 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\Babylon [2011.10.29 19:51:18 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\FoxTabMusicConverter [2011.10.29 19:51:18 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Babylon [2011.10.29 19:51:18 | 000,000,000 | -H-D | C] -- C:\ProgramData\Babylon [2011.10.28 18:19:02 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{485D00B3-DB2C-480C-A96B-106D9BBEF1D9} [2011.10.27 20:31:02 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Audacity [2011.10.27 20:30:36 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Audacity 1.3 Beta (Unicode) [2011.10.27 20:15:15 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\COWON [2011.10.27 20:13:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\COWON [2011.10.27 20:13:35 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jetAudio [2011.10.27 20:13:34 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\JetAudio [2011.10.27 20:12:46 | 039,688,475 | -H-- | C] (Acresso Software Inc. ) -- C:\Users\administrator\Desktop\JAD8016_BASIC.exe [2011.10.27 19:56:54 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ [2011.10.27 19:56:50 | 000,000,000 | -H-D | C] -- C:\Users\administrator\Documents\VirtualDJ [2011.10.27 19:56:50 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\VirtualDJ [2011.10.27 19:55:43 | 036,608,000 | -H-- | C] (Microsoft Corporation) -- C:\Users\administrator\Desktop\install_virtualdj_home_v7.0.5.exe [2011.10.24 14:29:02 | 000,094,208 | -H-- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2011.10.24 14:29:02 | 000,069,632 | -H-- | C] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts [2011.10.21 15:01:46 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\License Management Information [2011.10.21 06:57:38 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2011.10.20 20:23:11 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{7DE06807-ED72-4C11-9493-83D5AF8CB5DB} [2011.10.20 20:22:35 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{B57E6B1D-6282-4B76-8FBC-CE6173D0072B} [2011.10.20 20:08:12 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiPath 3000 Manager C [2011.10.20 19:38:29 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Siemens [2011.10.20 19:38:00 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiPath 3000 Manager E [2011.10.20 19:37:46 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\Siemens AG [2011.10.20 19:37:12 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Siemens [2011.10.20 19:35:06 | 000,092,160 | ---- | C] (Prolific Technology Inc.) -- C:\Windows\SysNative\drivers\ser2pl64.sys [2011.10.20 19:28:37 | 000,035,892 | -H-- | C] (Prolific Technology Inc.) -- C:\Windows\SysWow64\SER9PL.sys [1 C:\Windows\Fonts\*.tmp files -> C:\Windows\Fonts\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.11.16 22:02:23 | 001,513,870 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.11.16 22:02:23 | 000,659,760 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.11.16 22:02:23 | 000,621,036 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.11.16 22:02:23 | 000,132,032 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.11.16 22:02:23 | 000,108,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.11.16 21:55:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.11.16 21:55:35 | 522,137,599 | -HS- | M] () -- C:\hiberfil.sys [2011.11.16 19:54:43 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.11.16 19:54:43 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.11.16 19:47:25 | 000,000,454 | -H-- | M] () -- C:\Windows\tasks\SchnapperPro-Weckdienst [Administrator].job [2011.11.16 19:20:30 | 000,000,456 | -H-- | M] () -- C:\ProgramData\W1SWdm8eagvp0l [2011.11.16 19:18:48 | 000,000,682 | -H-- | M] () -- C:\Users\administrator\Desktop\System Fix.lnk [2011.11.16 19:18:14 | 000,380,928 | -H-- | M] (Rcvr Inc) -- C:\ProgramData\W1SWdm8eagvp0l.exe [2011.11.16 19:11:48 | 000,002,002 | -H-- | M] () -- C:\Users\administrator\Documents\Default.rdp [2011.11.16 19:05:15 | 000,491,520 | -H-- | M] (Rcvr Inc) -- C:\ProgramData\IoWwDnqsYPU.exe [2011.11.12 12:28:55 | 000,003,155 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella [2011.11.12 12:28:55 | 000,003,155 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2011.11.11 20:26:20 | 000,155,862 | -H-- | M] () -- C:\Users\administrator\Desktop\VoIP Gateway 5188 36.04.80_11.11.11_2026_sipgate.export [2011.11.11 20:20:23 | 000,000,057 | -H-- | M] () -- C:\Windows\TCOMM32.INI [2011.11.11 20:01:52 | 000,155,778 | -H-- | M] () -- C:\Users\administrator\Desktop\VoIP Gateway 5188 36.04.80_11.11.11_2002.export [2011.11.10 20:48:03 | 000,015,973 | -H-- | M] () -- C:\Users\administrator\Desktop\319219_298472610171216_100000254374269_1100091_1903881395_n.jpg [2011.11.10 03:21:43 | 005,072,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.11.04 22:20:39 | 000,000,996 | -H-- | M] () -- C:\Users\administrator\Desktop\Nmap - Zenmap GUI.lnk [2011.11.04 19:39:48 | 000,001,988 | -H-- | M] () -- C:\Users\administrator\Desktop\NinjaLite.lnk [2011.11.03 00:33:11 | 000,018,576 | -H-- | M] () -- C:\arc_noHA.arc [2011.11.03 00:33:11 | 000,018,576 | -H-- | M] () -- C:\arc_HAED.arc [2011.11.03 00:33:11 | 000,000,248 | -H-- | M] () -- C:\startarc.arc [2011.10.29 19:51:19 | 000,001,156 | -H-- | M] () -- C:\Users\administrator\Desktop\FoxTab Music Converter.lnk [2011.10.27 20:30:43 | 000,001,177 | -H-- | M] () -- C:\Users\administrator\Desktop\Audacity 1.3 Beta (Unicode).lnk [2011.10.27 20:13:01 | 039,688,475 | -H-- | M] (Acresso Software Inc. ) -- C:\Users\administrator\Desktop\JAD8016_BASIC.exe [2011.10.27 19:56:56 | 000,001,079 | -H-- | M] () -- C:\Users\administrator\Desktop\VirtualDJ Home FREE.lnk [2011.10.27 19:55:56 | 036,608,000 | -H-- | M] (Microsoft Corporation) -- C:\Users\administrator\Desktop\install_virtualdj_home_v7.0.5.exe [2011.10.26 09:16:06 | 000,004,096 | -H-- | M] () -- C:\Users\Public\Documents\000014A1.LCS [2011.10.24 14:29:02 | 000,094,208 | -H-- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTimeVR.qtx [2011.10.24 14:29:02 | 000,069,632 | -H-- | M] (Apple Inc.) -- C:\Windows\SysWow64\QuickTime.qts [2011.10.20 20:22:11 | 000,414,368 | -H-- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2011.10.20 20:08:15 | 000,015,617 | -H-- | M] () -- C:\Windows\ASS_150E.INI [2011.10.20 19:38:01 | 000,015,617 | -H-- | M] () -- C:\Windows\ASS_150E.OLD ========== Files Created - No Company Name ========== [2011.11.16 19:18:48 | 000,000,682 | -H-- | C] () -- C:\Users\administrator\Desktop\System Fix.lnk [2011.11.16 19:18:43 | 000,000,456 | -H-- | C] () -- C:\ProgramData\W1SWdm8eagvp0l [2011.11.16 10:21:04 | 000,000,454 | -H-- | C] () -- C:\Windows\tasks\SchnapperPro-Weckdienst [Administrator].job [2011.11.11 20:26:19 | 000,155,862 | -H-- | C] () -- C:\Users\administrator\Desktop\VoIP Gateway 5188 36.04.80_11.11.11_2026_sipgate.export [2011.11.11 20:01:51 | 000,155,778 | -H-- | C] () -- C:\Users\administrator\Desktop\VoIP Gateway 5188 36.04.80_11.11.11_2002.export [2011.11.10 20:48:02 | 000,015,973 | -H-- | C] () -- C:\Users\administrator\Desktop\319219_298472610171216_100000254374269_1100091_1903881395_n.jpg [2011.11.04 22:20:39 | 000,000,996 | -H-- | C] () -- C:\Users\administrator\Desktop\Nmap - Zenmap GUI.lnk [2011.11.04 19:39:48 | 000,001,988 | -H-- | C] () -- C:\Users\administrator\Desktop\NinjaLite.lnk [2011.11.03 00:33:11 | 000,018,576 | -H-- | C] () -- C:\arc_noHA.arc [2011.11.03 00:33:11 | 000,018,576 | -H-- | C] () -- C:\arc_HAED.arc [2011.11.03 00:33:11 | 000,000,248 | -H-- | C] () -- C:\startarc.arc [2011.10.29 19:51:19 | 000,001,156 | -H-- | C] () -- C:\Users\administrator\Desktop\FoxTab Music Converter.lnk [2011.10.27 20:30:43 | 000,001,177 | -H-- | C] () -- C:\Users\administrator\Desktop\Audacity 1.3 Beta (Unicode).lnk [2011.10.27 19:56:56 | 000,001,079 | -H-- | C] () -- C:\Users\administrator\Desktop\VirtualDJ Home FREE.lnk [2011.10.20 20:08:09 | 000,015,617 | -H-- | C] () -- C:\Windows\ASS_150E.OLD [2011.10.20 19:41:30 | 000,000,057 | -H-- | C] () -- C:\Windows\TCOMM32.INI [2011.10.20 19:38:01 | 000,015,617 | -H-- | C] () -- C:\Windows\ASS_150E.INI [2011.10.20 19:28:37 | 000,026,719 | -H-- | C] () -- C:\Windows\SysWow64\SERSPL.VXD [2011.10.08 12:35:20 | 000,000,132 | -H-- | C] () -- C:\Users\administrator\AppData\Roaming\Adobe BMP Format CS5 Prefs [2011.10.08 12:29:52 | 000,000,022 | -H-- | C] () -- C:\Windows\Artcut6.INI [2011.10.08 12:29:47 | 000,000,512 | -H-- | C] () -- C:\Windows\SysWow64\WTCY9853.dat [2011.09.20 17:46:24 | 002,089,984 | -H-- | C] () -- C:\Windows\SysWow64\CustomPic.dll [2011.09.20 16:38:52 | 000,000,000 | -H-- | C] () -- C:\Windows\EEventManager.INI [2011.09.17 10:09:21 | 000,000,132 | -H-- | C] () -- C:\Users\administrator\AppData\Roaming\Adobe GIF Format CS5 Prefs [2011.08.28 12:02:12 | 000,001,456 | -H-- | C] () -- C:\Users\administrator\AppData\Local\Adobe Für Web speichern 12.0 Prefs [2011.08.01 16:21:38 | 000,852,264 | -H-- | C] () -- C:\Windows\SysWow64\wodCertificate.dll [2011.07.12 10:07:08 | 000,118,860 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2011.06.13 23:05:29 | 000,000,069 | -H-- | C] () -- C:\Windows\NeroDigital.ini [2011.06.09 06:15:17 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.06.08 20:49:30 | 000,000,000 | -H-- | C] () -- C:\Windows\nsreg.dat [2011.06.06 17:59:33 | 001,538,324 | -H-- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.06.06 17:28:25 | 000,002,412 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2011.06.03 15:47:25 | 000,036,043 | -H-- | C] () -- C:\Windows\Ascd_log.ini [2011.06.03 15:46:19 | 000,024,500 | -H-- | C] () -- C:\Windows\Ascd_tmp.ini [2011.06.03 15:23:09 | 000,001,769 | -H-- | C] () -- C:\Windows\Language_trs.ini [2011.05.20 21:35:28 | 000,304,744 | -H-- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2010.06.25 18:03:12 | 000,053,299 | -H-- | C] () -- C:\Windows\SysWow64\pthreadVC.dll [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | -H-- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | -H-- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2009.04.02 13:30:14 | 000,010,296 | -H-- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2003.04.19 16:40:44 | 000,035,328 | -H-- | C] () -- C:\Windows\SysWow64\MP3reader.dll < End of report > Danke LG Jörg Geändert von joerg69 (16.11.2011 um 22:37 Uhr) |
|
17.11.2011, 11:55
| #4 |
| /// Malware-holic | System Fix Virus auf Win7 64 Bit hiho bitte in den abges.modus achtung! dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
O4 - HKLM..\Run: [IoWwDnqsYPU.exe] C:\ProgramData\IoWwDnqsYPU.exe (Rcvr Inc)
[2011.11.16 19:50:40 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{CD6466BC-B2BF-4F80-8655-D70F49EF1E27}
[2011.11.16 19:18:48 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix
[2011.11.16 19:18:14 | 000,380,928 | -H-- | C] (Rcvr Inc) -- C:\ProgramData\W1SWdm8eagvp0l.exe
[2011.11.16 19:18:00 | 000,000,000 | -H-D | C] -- C:\Users\administrator\AppData\Local\{C048F634-FE41-4061-A4CC-2EBD7AD1F01B}
[2011.11.16 19:08:40 | 000,491,520 | -H-- | C] (Rcvr Inc) -- C:\ProgramData\IoWwDnqsYPU.exe
[2011.11.16 19:20:30 | 000,000,456 | -H-- | M] () -- C:\ProgramData\W1SWdm8eagvp0l
[2011.11.16 19:18:48 | 000,000,682 | -H-- | M] () -- C:\Users\administrator\Desktop\System Fix.lnk
:Files
C:\ProgramData\IoWwDnqsYPU.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. der start in den normalen modus sollte klappen öffne computer, öffne C: dann _OTL dort rechtsklick auf moved files wähle zu moved files.rar oder zip hinzufügen. folge dem link, und lade das archiv im upload channel hoch http://www.trojaner-board.de/54791-a...ner-board.html
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.11.2011, 13:31
| #5 |
| | System Fix Virus auf Win7 64 Bit Danke erstmal für deine Hilfe, die Textdatei wurde erstellt : All processes killed ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\IoWwDnqsYPU.exe deleted successfully. C:\ProgramData\IoWwDnqsYPU.exe moved successfully. C:\Users\administrator\AppData\Local\{CD6466BC-B2BF-4F80-8655-D70F49EF1E27} folder moved successfully. C:\Users\administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Fix folder moved successfully. C:\ProgramData\W1SWdm8eagvp0l.exe moved successfully. C:\Users\administrator\AppData\Local\{C048F634-FE41-4061-A4CC-2EBD7AD1F01B} folder moved successfully. File C:\ProgramData\IoWwDnqsYPU.exe not found. C:\ProgramData\W1SWdm8eagvp0l moved successfully. C:\Users\administrator\Desktop\System Fix.lnk moved successfully. ========== FILES ========== File\Folder C:\ProgramData\IoWwDnqsYPU.exe not found. ========== COMMANDS ========== [EMPTYFLASH] User: administrator ->Flash cache emptied: 61379 bytes User: All Users User: Default ->Flash cache emptied: 56502 bytes User: Default User ->Flash cache emptied: 0 bytes User: Public User: sandrah ->Flash cache emptied: 56502 bytes User: UpdatusUser User: User ->Flash cache emptied: 3754 bytes Total Flash Files Cleaned = 0,00 mb [EMPTYTEMP] User: administrator ->Temp folder emptied: 1083432580 bytes ->Temporary Internet Files folder emptied: 239170490 bytes ->Java cache emptied: 50804 bytes ->FireFox cache emptied: 812164426 bytes ->Google Chrome cache emptied: 15026474 bytes ->Apple Safari cache emptied: 13903872 bytes ->Flash cache emptied: 0 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: sandrah ->Temp folder emptied: 266891 bytes ->Temporary Internet Files folder emptied: 1926085 bytes ->Java cache emptied: 0 bytes ->Flash cache emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: User ->Temp folder emptied: 50626346 bytes ->Temporary Internet Files folder emptied: 73512825 bytes ->FireFox cache emptied: 188366566 bytes ->Flash cache emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 117713735 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes RecycleBin emptied: 4448228287 bytes Total Files Cleaned = 6.718,00 mb OTL by OldTimer - Version 3.2.31.0 log created on 11172011_130009 Files\Folders moved on Reboot... C:\Users\administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. Registry entries deleted on Reboot... Die Datei _OTL.rar hab ich hochgeladen Danke, LG Jörg |
|
17.11.2011, 15:52
| #6 |
| /// Malware-holic | System Fix Virus auf Win7 64 Bit ok dann weiter: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ --> System Fix Virus auf Win7 64 Bit |
|
17.11.2011, 17:55
| #7 |
| | System Fix Virus auf Win7 64 Bit Hallo, hier ist das Ergebnis von Combofix: Combofix Logfile: Code:
ATTFilter ComboFix 11-11-17.03 - Administrator 17.11.2011 17:31:04.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.43.1031.18.6125.4129 [GMT 1:00]
ausgeführt von:: c:\users\administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Outdated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Outdated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\UNWISE.EXE
c:\users\administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\System Fix.lnk
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
F:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-10-17 bis 2011-11-17 ))))))))))))))))))))))))))))))
.
.
2011-11-17 16:34 . 2011-11-17 16:34 -------- d-----w- c:\users\User\AppData\Local\temp
2011-11-17 12:16 . 2011-08-12 04:10 8862544 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{97E83323-9355-49D0-BE2C-3F398444760E}\mpengine.dll
2011-11-11 17:41 . 2011-11-11 17:42 -------- d--h--w- c:\program files\iTunes
2011-11-11 17:41 . 2011-11-11 17:42 -------- d--h--w- c:\program files (x86)\iTunes
2011-11-11 17:41 . 2011-11-11 17:41 -------- d--h--w- c:\program files\iPod
2011-11-11 17:39 . 2011-11-11 17:39 -------- d--h--w- c:\program files\Bonjour
2011-11-11 17:39 . 2011-11-11 17:39 -------- d--h--w- c:\program files (x86)\Bonjour
2011-11-10 15:43 . 2011-11-10 15:43 -------- d--h--w- c:\users\administrator\AppData\Roaming\Wireshark
2011-11-10 15:24 . 2011-11-10 15:25 -------- d--h--w- c:\program files\Wireshark
2011-11-09 10:38 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 10:38 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 10:38 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 10:38 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-05 02:01 . 2011-11-05 02:01 -------- d--h--w- c:\users\administrator\AppData\Roaming\AVM
2011-11-05 02:00 . 2011-11-05 02:00 18944 ---ha-r- c:\users\administrator\AppData\Roaming\Microsoft\Installer\{A79408B0-345D-42E8-8EB6-00597320B9E0}\Icon9E0163791.exe
2011-11-05 02:00 . 2011-11-05 02:01 -------- d--h--w- c:\program files (x86)\FRITZ!Fernzugang einrichten
2011-11-05 00:28 . 2011-11-05 00:28 -------- d--h--w- c:\programdata\AVM
2011-11-05 00:26 . 2011-11-05 00:28 -------- d--h--w- c:\program files\FRITZ!Fernzugang
2011-11-05 00:26 . 2011-11-05 00:26 29184 ---ha-r- c:\users\administrator\AppData\Roaming\Microsoft\Installer\{62E685A3-1E4F-4A12-B77C-9949DE9E7DFB}\IconA7C606DF.exe
2011-11-05 00:25 . 2011-11-05 01:59 -------- d--h--w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-11-04 21:21 . 2011-11-04 21:21 -------- d--h--w- c:\users\administrator\.zenmap
2011-11-04 21:20 . 2011-11-10 15:25 -------- d--h--w- c:\program files\WinPcap
2011-11-04 21:19 . 2011-11-04 21:20 -------- d--h--w- c:\program files (x86)\Nmap
2011-11-04 21:06 . 2011-11-04 21:07 -------- d--h--w- c:\program files (x86)\Advanced Port Scanner
2011-11-04 18:39 . 2011-11-04 18:39 -------- d--h--w- c:\program files (x86)\NinjaLite
2011-10-30 20:49 . 2011-10-30 20:49 -------- d--h--w- c:\program files (x86)\Musiphone
2011-10-30 20:48 . 2011-10-30 20:48 -------- d--h--w- c:\windows\Downloaded Installations
2011-10-30 16:40 . 2011-11-16 18:17 -------- d--h--w- c:\users\administrator\AppData\Roaming\SchnapperPro
2011-10-30 16:40 . 2011-10-30 16:40 -------- d--h--w- c:\program files (x86)\SchnapperPro
2011-10-29 18:51 . 2011-10-29 18:51 -------- d--h--w- c:\program files (x86)\BabylonToolbar
2011-10-29 18:51 . 2011-10-29 18:51 -------- d--h--w- c:\users\administrator\AppData\Local\Babylon
2011-10-29 18:51 . 2011-10-29 18:51 -------- d--h--w- c:\program files (x86)\FoxTabMusicConverter
2011-10-29 18:51 . 2011-10-29 18:51 -------- d--h--w- c:\users\administrator\AppData\Roaming\Babylon
2011-10-29 18:51 . 2011-10-29 18:51 -------- d--h--w- c:\programdata\Babylon
2011-10-28 17:19 . 2011-10-28 17:19 -------- d--h--w- c:\users\administrator\AppData\Local\{485D00B3-DB2C-480C-A96B-106D9BBEF1D9}
2011-10-27 19:31 . 2011-11-04 18:16 -------- d--h--w- c:\users\administrator\AppData\Roaming\Audacity
2011-10-27 19:30 . 2011-10-27 19:30 -------- d--h--w- c:\program files (x86)\Audacity 1.3 Beta (Unicode)
2011-10-27 19:15 . 2011-10-27 19:15 -------- d--h--w- c:\users\administrator\AppData\Roaming\COWON
2011-10-27 19:13 . 2011-10-27 19:13 -------- d--h--w- c:\program files (x86)\Common Files\COWON
2011-10-27 19:13 . 2011-10-27 19:17 -------- d--h--w- c:\program files (x86)\JetAudio
2011-10-27 18:56 . 2011-10-27 18:56 -------- d--h--w- c:\program files (x86)\VirtualDJ
2011-10-24 13:29 . 2011-10-24 13:29 94208 ---ha-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29 69632 ---ha-w- c:\windows\SysWow64\QuickTime.qts
2011-10-20 18:38 . 2011-10-20 19:08 -------- d--h--w- c:\users\administrator\AppData\Roaming\Siemens
2011-10-20 18:37 . 2011-10-20 18:37 -------- d--h--w- c:\program files (x86)\Common Files\Siemens AG
2011-10-20 18:37 . 2011-10-20 19:07 -------- d--h--w- c:\program files (x86)\Siemens
2011-10-20 18:35 . 2008-10-27 12:59 92160 ----a-w- c:\windows\system32\drivers\ser2pl64.sys
2011-10-20 18:28 . 2005-08-03 14:05 35892 ---ha-w- c:\windows\SysWow64\SER9PL.sys
2011-10-20 18:28 . 2005-08-03 14:04 26719 ---ha-w- c:\windows\SysWow64\SERSPL.VXD
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 06:28 . 2011-08-31 19:32 48648 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-10-20 19:22 . 2011-06-03 14:52 414368 ---ha-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 16:01 . 2011-10-11 16:01 917840 ---h--w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F2C4CF93-3331-4806-9F84-D84B48746468}\gapaengine.dll
2011-10-07 04:16 . 2011-06-07 21:35 8570192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-06 05:12 . 2011-08-31 19:32 771888 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-09-10 07:15 . 2011-09-10 07:15 48648 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-09-10 07:15 . 2011-09-10 07:15 845632 ---ha-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-09-01 05:24 . 2011-10-14 01:01 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-09-01 05:17 . 2011-10-14 01:01 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-09-01 05:12 . 2011-10-14 01:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-01 02:35 . 2011-10-14 01:01 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-09-01 02:28 . 2011-10-14 01:01 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-09-01 02:22 . 2011-10-14 01:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-30 22:05 . 2011-08-30 22:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 61288 ----a-w- c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 212840 ----a-w- c:\windows\system32\dnssdX.dll
2011-08-30 22:05 . 2011-08-30 22:05 83816 ---ha-w- c:\windows\SysWow64\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05 73064 ---ha-w- c:\windows\SysWow64\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05 50536 ---ha-w- c:\windows\SysWow64\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05 178536 ---ha-w- c:\windows\SysWow64\dnssdX.dll
2011-08-27 05:37 . 2011-10-13 03:43 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-13 03:43 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-13 03:43 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-27 04:26 . 2011-10-13 03:43 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe Acrobat Synchronizer"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe" [2011-09-05 1240992]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"SchnapperPro"="c:\program files (x86)\SchnapperPro\SchnapperPro.exe" [2011-10-11 806224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"Bonus.SSR.FR10"="c:\program files (x86)\ABBYY FineReader 10\Bonus.ScreenshotReader.exe" [2010-01-18 941320]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2011-09-05 36760]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2011-09-05 2904984]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2009-12-02 847872]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 136176]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-16 136176]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 asahci64;asahci64;c:\windows\system32\DRIVERS\asahci64.sys [x]
S2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [2009-12-18 814344]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-05-14 759048]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 avmike;AVM FRITZ!Fernzugang IKE Service;c:\program files\FRITZ!Fernzugang\avmike.exe [2010-03-30 335224]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 certsrv;AVM FRITZ!Fernzugang Cert Service;c:\program files\FRITZ!Fernzugang\certsrv.exe [2010-03-30 143224]
S2 DBService;DATA BECKER Update Service;c:\program files (x86)\Common Files\DATA BECKER Shared\DBService.exe [2009-01-08 187456]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-05-25 2214504]
S2 nwtsrv;AVM FRITZ!Fernzugang Client;c:\program files\FRITZ!Fernzugang\nwtsrv.exe [2010-03-30 189304]
S2 SchnapperPro-TimeSync;SchnapperPro-TimeSync;c:\program files (x86)\SchnapperPro\TimeSync.exe [2007-08-30 45664]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-10-24 520040]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-09-21 366408]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-05-20 378472]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2010-10-21 5790064]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-06-01 2337144]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2010-10-21 487280]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 NWIM;AVM VPN Miniport;c:\windows\system32\DRIVERS\avmnwim.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-16 c:\windows\Tasks\SchnapperPro-Weckdienst [Administrator].job
- c:\program files (x86)\SchnapperPro\SchnapperPro.exe [2011-10-11 09:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-19 11613288]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-04-13 1860496]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-30 499608]
"combofix"="c:\combofix\CF6671.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.at/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: An SchnapperPro senden - hxxp://www.sniper-tool.de/SchnapperPro/IE-MenuExt.html
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: Interfaces\{7B2F73B6-573C-4960-84BD-83601550168E}: NameServer = 192.168.1.10
FF - ProfilePath - c:\users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ya02zq6u.default\
FF - prefs.js: browser.search.selectedEngine - Amazon.de
FF - prefs.js: browser.startup.homepage - www.google.at
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=22af5e55000000000000f46d04214138&tlver=1.4.35.10&affID=100474
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-artcut german version - C:\UNWISE.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{517BDDE4-E3A7-4570-B21E-2B52B6139FC7}"=hex:51,66,7a,6c,4c,1d,3b,1b,f4,c0,6e,
4b,94,b0,19,0a,af,12,6a,12,b5,57,df,d3
"{47833539-D0C5-4125-9FA8-0819E2EAAC93}"=hex:51,66,7a,6c,4c,1d,3b,1b,29,28,96,
5d,f6,83,4c,0e,82,a4,49,59,e1,ae,ec,87
"{074C1DC5-9320-4A9A-947D-C042949C6216}"=hex:51,66,7a,6c,4c,1d,3b,1b,d5,00,59,
1d,13,c0,f3,05,89,71,81,02,97,d8,22,02
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,15,ca,
02,9e,bb,ea,0d,b8,9a,bb,17,8f,6a,fd,d7
"{AE7CD045-E861-484F-8273-0445EE161910}"=hex:51,66,7a,6c,4c,1d,3b,1b,55,cd,69,
b4,52,bb,26,07,9f,7f,45,05,ed,52,59,04
"{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}"=hex:51,66,7a,6c,4c,1d,3b,1b,79,45,95,
b4,6f,7d,bd,01,92,77,b0,b7,86,5e,04,83
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b5,e6,
ae,12,5d,30,06,a7,2e,03,f3,03,ca,42,eb
"{F4971EE7-DAA0-4053-9964-665D8EE6A077}"=hex:51,66,7a,6c,4c,1d,3b,1b,f7,03,82,
ee,93,89,3a,0f,84,68,27,1d,8d,a2,e0,63
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:b6,2c,85,d2,13,26,cc,01
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,8c,b5,85,8b,b0,cd,8a,41,9a,a1,38,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b9,4d,96,70,43,9c,be,41,be,34,27,\
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Photoshop.exe"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ini\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\dreamweaver.exe"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\jetAudio.exe"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Photoshop.exe"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pst\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Outlook.File.pst.14"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-3734062173-3758828832-3368996802-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10r_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10r.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-11-17 17:52:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-11-17 16:52
.
Vor Suchlauf: 1 Verzeichnis(se), 898.198.671.360 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 911.471.677.440 Bytes frei
.
- - End Of File - - CA9B2292ED66DE8AF22FF3EA86B9D729
Danke, LG Jörg |
|
17.11.2011, 17:59
| #8 |
| /// Malware-holic | System Fix Virus auf Win7 64 Bit gut, malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.11.2011, 19:29
| #9 |
| | System Fix Virus auf Win7 64 Bit der Suchlauf wurde beendet, das Logfile : Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Datenbank Version: 8183 Windows 6.1.7601 Service Pack 1 Internet Explorer 9.0.8112.16421 17.11.2011 19:20:41 mbam-log-2011-11-17 (19-20-41).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|E:\|F:\|G:\|) Durchsuchte Objekte: 719657 Laufzeit: 48 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 Infizierte Speichermodule: 0 Infizierte Registrierungsschlüssel: 1 Infizierte Registrierungswerte: 0 Infizierte Dateiobjekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 5 Infizierte Speicherprozesse: (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FoxTab Music Converter (Affiliate.Downloader) -> Quarantined and deleted successfully. Infizierte Registrierungswerte: (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: (Keine bösartigen Objekte gefunden) Infizierte Dateien: c:\program files (x86)\foxtabmusicconverter\uninstall\uninstall.exe (Affiliate.Downloader) -> Quarantined and deleted successfully. c:\Users\administrator\downloads\musicconvertersetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully. f:\sicherung svr02\programme driver\setup reg tool.exe (Trojan.Dropper) -> Quarantined and deleted successfully. g:\_OTL\movedfiles\11172011_130009\c_programdata\iowwdnqsypu.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. g:\_OTL\movedfiles\11172011_130009\c_programdata\w1swdm8eagvp0l.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. Es werden jetzt wieder einige Icdons am Desktop angezeigt und es gibt wieder Programme unter Start, allerdings nur unter alle Programme. Direkt im Startverzeichnis ist nur Skype und eine Anwendung für Heizungsregelungen. Der Desktop ist weiterhin mit schwarzem Hintergrund. Die Dateien am Arbeitsplatz werden auch wieder angezeigt. Danke! Liebe Grüße! Jörg |
|
17.11.2011, 19:31
| #10 |
| /// Malware-holic | System Fix Virus auf Win7 64 Bit hi, rechtsklick auf den desktop eigenschaften, dort nen hintergrund bild einstellen. http://filepony.de/download-unhide/ doppelklicken, dateien werden sichtbar
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.11.2011, 19:59
| #11 |
| | System Fix Virus auf Win7 64 Bit der Desktop und einige Programmverknüpfungen sind wieder da, aber leider einige auch nicht wie zB Office ..... bekomme ich die wieder irgenwie zu sehen ? ist mein PC jetzt wieder so weit clean ? Danke! Lg Jörg |
|
17.11.2011, 20:02
| #12 |
| /// Malware-holic | System Fix Virus auf Win7 64 Bit sind die verknüpfungen nur in dem bereich zuletzt geöffnet nicht mehr zu sehen? guck mal unter alle programme, öffne dort office mal dann sollten sie wieder da sein
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
17.11.2011, 20:10
| #13 |
| | System Fix Virus auf Win7 64 Bit nein, sind sie leider nicht.... wenn ich jedoch unter C:\Program Files (x86) am Arbeitsplatz sehe sind die Programme da und funktionieren auch... aber die Verknüpfungen fehlen .... leider von sehr vielen .... Danke! Lg Jörg |
|
17.11.2011, 20:15
| #14 |
| | System Fix Virus auf Win7 64 Bit Habe unter Eigenschaften gefunden, dass da offensichtlich Vorgängerversionen vorhanden sind, die sich wieder herstellen lassen würden. Kann ich das versuchen ? |
|
17.11.2011, 20:20
| #15 |
| /// Malware-holic | System Fix Virus auf Win7 64 Bit ja versuchs mal. evtl. war ich da etwas voreilig mit meinem otl script und deswegen können wir die verknüpfungen nicht mehr zurück hohlen, sorry.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu System Fix Virus auf Win7 64 Bit |
| 64 bit, anderem, ausführen, bluescreen, bootvorgang, brauche, bricht, fehler, filter, filtern, fix, forum, gefunde, notfall, retten, runtergeladen, schwerwiegende, system, system fix, system fix virus, ubuntu, versuche, virus, vorgang, webseite, win, win7, win7 64, win7 64 bit |
Linear-Darstellung
